Check for over/underflow while allocating PTS ids

The behavior of signed integer over/underflow is implementation-defined,
but even if the compiler is nice and just wraps around, we could get
ourselves into trouble later on.

Change-Id: I20ea9c790037a36b8527889b3f7adcfd60e74fd4
Reviewed-on: http://gerrit.openafs.org/10091
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>

diff --git a/src/ptserver/utils.c b/src/ptserver/utils.c
index 60de047..abc37c1 100644 (file)
--- a/src/ptserver/utils.c
+++ b/src/ptserver/utils.c
@@ -340,7 +340,8 @@ AllocID(struct ubik_trans *at, afs_int32 flag, afs_int32 *aid)
 
     if (flag & PRGRP) {
        *aid = ntohl(cheader.maxGroup);
-       while (code && i < maxcount) {
+       /* Check for PRBADID to avoid wrap-around. */
+       while (code && i < maxcount && *aid != PRBADID) {
            --(*aid);
            code = FindByID(at, *aid);
            i++;
@@ -372,7 +373,7 @@ AllocID(struct ubik_trans *at, afs_int32 flag, afs_int32 *aid)
        return PRSUCCESS;
     } else {
        *aid = ntohl(cheader.maxID);
-       while (code && i < maxcount) {
+       while (code && i < maxcount && *aid != 0x7fffffff) {
            ++(*aid);
            code = FindByID(at, *aid);
            i++;